Insider threats and disgruntled employees remain one of the biggest risks for organisations according to a new report by CyberArk.
Based on a poll of more than 1,000 UK office workers, the report says that almost half of them have, or have had, access to sensitive financial documents. Roughly the same percentage has had access to HR data, and nearly a third direct access to bank accounts - yet many companies are still failing to lock down business critical data.
CyberArk calls these figures 'alarming', as employees with too much access pose a 'heightened insider threat'.
But it's not just current employees. Former employees, also known as ghost employees, also pose a significant threat. Ghost employees are those that leave the company, but their accounts and credentials remain active (for example, an active email address from an employee that no longer works). Not only does this open the doors for disgruntled former employees wreaking havoc, but also allows hackers easier access to the target company.
On a more positive note, employees are getting the hang of cybersecurity. Many would admit immediately, if they had opened a malicious attachment, and they'd speak up if they didn't understand IT security information. The majority is also confident in their IT security teams.
“Ghost employees are a major concern for any organisation – they not only elevate the risk of key company applications, tools and data being breached in the event of a cyber-attack, but also provide a potential route for disgruntled employees or rival businesses to manipulate existing data, causing serious administrative and financial damage,” says Rich Turner, VP EMEA at CyberArk.
“These findings are symptomatic of the misguided cyber spending habits of UK PLC. We continue to devote huge sums to perimeter defences when the smarter approach is to assume the inevitable – that attacks will get in – and ensure that their access to sensitive assets and data is contained. “
Image Credit: StartupStockPhotos / Pixabay